From: Djalal Harouni <tixxdz@gmail.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
LSM List <linux-security-module@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Dongsu Park <dpark@posteo.net>,
Casey Schaufler <casey@schaufler-ca.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Jeff Layton <jlayton@poochiereds.net>,
"J. Bruce Fields" <bfields@fieldses.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Alexey Dobriyan <adobriyan@gmail.com>,
Ingo Molnar <mingo@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Oleg Nesterov <oleg@redhat.com>, Michal Hocko <mhocko@suse.com>,
Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH RFC v2 5/6] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
Date: Tue, 2 May 2017 16:00:41 +0200 [thread overview]
Message-ID: <CAEiveUcX8Wg2jw+jt9hqGMpEXEM5RLj3chKvHyOzd9vkW=ePNg@mail.gmail.com> (raw)
In-Reply-To: <CALCETrXM7-NBnBcXbuuhDJZyUFLT7iRfcGGvaqUhDJBGkYJgcQ@mail.gmail.com>
Hello Andy,
(Sorry for my late response)
On Thu, Apr 27, 2017 at 12:09 AM, Andy Lutomirski <luto@kernel.org> wrote:
> On Tue, Apr 25, 2017 at 5:23 AM, Djalal Harouni <tixxdz@gmail.com> wrote:
>> If "limit_pids=1" mount option is set then do not instantiate pids that
>> we can not ptrace. "limit_pids=1" means that procfs should only contain
>> pids that the caller can ptrace.
>>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Andy Lutomirski <luto@kernel.org>
>> Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
>> ---
>> fs/proc/base.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/fs/proc/base.c b/fs/proc/base.c
>> index 2e0f661..a663284 100644
>> --- a/fs/proc/base.c
>> +++ b/fs/proc/base.c
>> @@ -3149,6 +3149,7 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
>> unsigned tgid;
>> struct proc_fs_info *fs_info = proc_sb(dir->i_sb);
>> struct pid_namespace *ns = fs_info->pid_ns;
>> + int limit_pids = proc_fs_limit_pids(fs_info);
>
> Shouldn't the addition of proc_fs_limit_pids() be in this patch?
Actually I think this patch should be part of proc_fs_limit_pids()
since it will cover paths that are not handled by inode ->permission()
checks. But I will review this patch ad discussion "devpts: Make each
mount of devpts an independent filesystem" [1] and try to get the
rational about it, if doing permission like checks in lookups is
related, or if it should be done in the first place...
The other thing that I didn't have time to check is standardizing on
returned error codes: I prefer to always return -ENOENT, instead of
-EPERM or sometimes -ENOENT.
> Also, can we name it something self-documented?
> "ptraceable_pids_only=1", perhaps? Or even pids=ptraceable (as
> opposed to pids=all or maybe other choices in the future)?
Yes, I will update.
[1] https://patchwork.kernel.org/patch/9150781/
--
tixxdz
next prev parent reply other threads:[~2017-05-02 14:00 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-25 12:23 [PATCH RFC v2 0/6] proc: support private proc instances per pidnamespace Djalal Harouni
2017-04-25 12:23 ` [PATCH RFC v2 1/6] proc: add proc_fs_info struct to store proc information Djalal Harouni
2017-04-25 12:23 ` [PATCH RFC v2 2/6] proc: move /proc/{self|thread-self} dentries to proc_fs_info Djalal Harouni
2017-04-25 12:23 ` [PATCH RFC v2 3/6] proc: add helpers to set and get proc hidepid and gid mount options Djalal Harouni
2017-04-25 12:23 ` [PATCH RFC v2 4/6] proc: support mounting private procfs instances inside same pid namespace Djalal Harouni
2017-04-26 22:13 ` Andy Lutomirski
2017-05-02 14:29 ` Djalal Harouni
2017-05-02 16:33 ` Andy Lutomirski
2017-05-03 15:18 ` Djalal Harouni
2017-04-25 12:23 ` [PATCH RFC v2 5/6] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option Djalal Harouni
2017-04-26 22:09 ` Andy Lutomirski
2017-05-02 14:00 ` Djalal Harouni [this message]
2017-04-25 12:23 ` [PATCH RFC v2 6/6] proc: flush task dcache entries from all procfs instances Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEiveUcX8Wg2jw+jt9hqGMpEXEM5RLj3chKvHyOzd9vkW=ePNg@mail.gmail.com' \
--to=tixxdz@gmail.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=bfields@fieldses.org \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=dpark@posteo.net \
--cc=ebiederm@xmission.com \
--cc=james.l.morris@oracle.com \
--cc=jlayton@poochiereds.net \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@kernel.org \
--cc=oleg@redhat.com \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).